• Huge backdoor discovered that could compromise SSH logins on Linu

    From TechnologyDaily@1337:1/100 to All on Sun Mar 31 21:00:10 2024
    Huge backdoor discovered that could compromise SSH logins on Linux

    Date:
    Sun, 31 Mar 2024 20:50:00 +0000

    Description:
    Updates required for Debian sid, Fedora 40, Fedora Rawhide, openSUSE Tumbleweed, and openSUSE MicroOS

    FULL STORY ======================================================================

    On Friday, March 29, Microsoft employee Andres Freund shared that he had found odd symptoms in the xz package on Debian installations. Freund noticed that ssh login was requiring a lot of CPU and decided to investigate, which led to the discovery.

    The vulnerability has received the maximum security ratings, with a CVSS score of 10 and a Red Hat Product Security critical impact rating.

    Red Hat assigned the issue CVE-2024-3094, but based on the severity and a previous major bug being named Heartbleed, the community has cheekily given the vulnerability a more vulgar name and inverted the Heartbleed logo. Luckily, the vulnerability has been caught early.

    Red Hat wrote: "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library."

    The malicious injection is found only in the tarball download packages of xz versions 5.6.0 and 5.6.1. The Git distribution does not include the M4 macro that triggers the code. The second-stage artifacts are present in the Git repository and are injected at build time only if the malicious M4 macro is present. Without that merge into the build, the second-stage file is innocuous.

    You are advised to check for xz version 5.6.0 or 5.6.1 in the distributions listed above and downgrade to 5.4.6. If you cannot, you should disable public-facing SSH servers.
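
    The version check recommended above, as an added example that is not part of the original article: it parses `xz --version` output and flags 5.6.0 or 5.6.1 in either the tool or the library line. The function names, the assumed output format (an `xz (XZ Utils) X.Y.Z` line and a `liblzma X.Y.Z` line) and the sample outputs are constructed for illustration.

```shell
# Added example: flag the xz/liblzma releases named in the article.
# Assumed input format: "xz (XZ Utils) 5.6.1" and "liblzma 5.6.1" lines.

# Print the version of each component found in the text on stdin.
extract_versions() {
    awk '/^xz \(XZ Utils\) / { print $4 } /^liblzma / { print $2 }'
}

# 5.6.0 and 5.6.1 are the releases the article names; anything else is
# reported as "not-listed" rather than "safe".
classify_version() {
    case "$1" in
        5.6.0|5.6.1) echo affected ;;
        '')          echo unknown ;;
        *)           echo not-listed ;;
    esac
}

# Read `xz --version` text on stdin. The tool and the library are checked
# separately because the modified code lives in liblzma, not the xz binary.
classify_xz_output() {
    result=unknown
    for v in $(extract_versions); do
        case "$(classify_version "$v")" in
            affected)   result=affected; break ;;
            not-listed) result=not-listed ;;
        esac
    done
    echo "$result"
}

# Classify the xz installed on this host, if any.
check_local_xz() {
    command -v xz >/dev/null 2>&1 || { echo unknown; return; }
    xz --version | classify_xz_output
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.0'

echo "local xz: $(check_local_xz)"
```

    A result of "affected" on either line means the downgrade described above applies; "unknown" means no xz binary was found on the PATH, which does not rule out an installed liblzma.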



    ======================================================================
    Link to news story: https://www.techradar.com/pro/website-hosting/huge-backdoor-discovered-that-could-compromise-ssh-logins-on-linux


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)